In the dialog, you will need to use some values from the API app registration, and some from the new client app registration. Select OAuth 2.0, and click Get New Access Token: In the collection editor, we can go to the Authorization tab. Now by default Postman doesn't do a very good job of importing authentication configuration. In my case, I changed it to point to my local dev server: We can right-click the collection, click Edit, The requests have a baseUrl variable created by default, I left these at defaults since I do want a collection to be created.Īfter the import the collection showed up in the sidebar: To do that, we open Postman, click Import,Ĭhoose Import from Link, and enter our Open API document URL:Īm I the only who got some Clippy vibes from this? 😂 So let's get to testing shall we? Testing application permissions with PostmanĪn easy way for us to get started in Postman is to import the Open API document from our API. Now our API accepts application permissions as well! If (acceptedDelegatedPermissions.Any(accepted => delegatedPermissions.Contains(accepted)))Įlse if (acceptedApplicationPermissions.Any(accepted => appPermissionsOrRoles.Contains(accepted))) String acceptedApplicationPermissions = AuthorizedPermissions.ApplicationPermissionsForActions String acceptedDelegatedPermissions = AuthorizedPermissions.DelegatedPermissionsForActions Caller has a valid application permissionĪnd the ActionAuthorizationRequirementHandler ( class source code): string delegatedPermissions = (Claims.ScopeClaimType).Select(c => c.Value).ToArray() Caller has a valid delegated permissionĮlse if (appPermissionsOrRoles.Any(p => allAcceptedApplicationPermissions.Contains(p))) If (delegatedPermissions.Any(p => allAcceptedDelegatedPermissions.Contains(p))) String allAcceptedApplicationPermissions = ApplicationPermissions.All String appPermissionsOrRoles = (Claims.AppPermissionOrRolesClaimType).Select(c => c.Value).ToArray()
String allAcceptedDelegatedPermissions = DelegatedPermissions.All Then we need to update the AnyValidPermissionRequirementHandler to accept application permissions ( class source code): string delegatedPermissions = (Claims.ScopeClaimType).Select(c => c.Value).ToArray()
So it's pretty much like before, we allow one permission for one of the actions, and one for the other. There we need to add the permissions we want to the appRoles property: You can find the manifest through the Manifest button on the left side when you open your app registration. Sadly there is no UI for application permissions. We already defined delegated permissions / scopes in part 1 through the Portal UI. We need to first define application permissions in Azure AD. In order to test API calls authenticated with client credentials, Defining application permissions for the API With Swagger UI, we always required the user to sign in. In particular, we can test service to service API calls where the calling service authenticates with only its credentials. So you can do similar things like with Swagger UI, Where you can build requests, run them, and see responses. In this part we will look at a different tool for testing APIs.
We will continue with the same sample app, To test an Azure AD-protected ASP.NET Core API. We setup Azure AD authentication on Swagger UI
0 kommentar(er)
